Jump to content
Welcome to our new Citrix community!
  • 0

Win10 VDI extreme long logon times


Sascha Matter1709156668

Question

Hello

 

We have quite a big problem with one of our branch office in Australia. We built a VDI environment based on Win10, XD7 1906, WEM and PVS. We are using Citrix App-Layering to create the master-image for those VDIs and the hypervisor is Nutanix acropolis. Storage is provided with Nutanix storage.

 

Our problem is, that the users down there facing extreme logon times 3 to almost 7min. Also with an admin account, which dont get a citrix profile, it takes about 60-90s. But when the users are logged in, the performance of the VDI's is good. Just the logon is the problem.

 

We had a problem that our AD-Team didnt create a homeuser share on a file-server in Australia. So the personal data was somehow saved within the Citrix profile. But now we configured a file-server for them in Australia, but we still have those long logon times. Even when we reset the Citrix profile of one of those users.  Streamed Profile is not enabled and we are using WEM for the profile settings and other stuff. 

The director doesnt show us the correct logon times, they are actually much higher than the displayed logon times. I just tested it with a testuser, I used a stop clock during the logon. For 20sec I see the Citrix connecting windows, then for about 60sec the Welcome Screen, then for about 65sec the prepare Windows and bam I see my desktop. The director showed me 88sec :32_expressionless:

 

I checked if the logon server is maybe one here in Switzerland, but it one of the DC's in Australia. We also checked, if there are some GPO in Australia that are copying stuff from Switzerland to the VDI's. That was the case, but we edited those GPOs so that the VDI users in Australia are excluded with item level targeting. Other thing is, that the load time of the Citrix profile is very long even when the profile was resetted. In the pictured I've attached, the profile was about 24MB and 78 files or so.  

 

But also the interactive Session takes very long, Pre-Userinit 45sec and we used the Citrix optimizer. 

 

Other things I've checked so far:
Cache Disk is not full (12GB and 7GB free Space normaly)

Created a master-image without App-Layering, but still the same. 

We created a hosted-shared Desktop, but still the same.

DNS looks good

 

I dont know where the problem is, we tested so many things but nothing really helps. The Nutanix enviroment is quite OP, it's built for over 160VDIs and currently we are only running 20 VDIs on that cluster. 

If it's a storage problem, then I guess the performance overall would be bad too not only during the logon. Network? The Nutanix cluster is hosted in a datacenter in Australia. 

 

Would be extremely thankful for any tips. 

 

Thanks,

 

logontimes-afterProfilereset.PNG

Link to comment

18 answers to this question

Recommended Posts

  • 1

So we found the problem and it seems, that its a PVS related problem in combination with Nutanix Acropolis. After we saw that our DNS and Sites & Services were configured correctly, we did a test with a complete new Image based on MCS. With this VDIs the logon times were between 25-35sec without any optimizations.
 

I've already created a new masterimage some weeks ago, a pure PVS based image without the App-Layering component. I initially thought the bad logons times were caused due App-Layering, but with this pure PVS image the logons times were just 5-10sec better. Therefore I thought the problem is caused by something else.

We even saw, that the profile load times takes longer when the Citrix profile store is stored on a Nutanix Fileshare. When we use an Windows fileshare, the logon times are 3-5sec faster.  Interesting is, that it has no influence on the vDisk-store if we use a Nutanix fileshare or a Windows fileshare.

Seems that Nutanix Acropolis is not as optimized for PVS as MCS is. So we will now create MCS based VDIs and kick out the PVS-Server + App-Layering.

Thanks for you help guys :99_muscle:

  • Like 1
Link to comment
  • 0

poor Australian users :)

 

Definitely sounds like something is going back across the wire - are there local domain controllers, sites configured properly, DNS in check etc? in multi-region deployments there is a lot of things to check - looks for sure like something is going back over the wire and hurting you, I'd be looking at that admin logon first and getting that sorted before going anywhere near UPM etc :)

Link to comment
  • 0

Yes, that's actually also my opinion, that something makes a detour over Switzerland. DNS was the first thing I thought about, that could configured wrong. But our AD-Admins told me of course, that everything is configured properly :33_unamused:

I did some tuning yesterday and also enabled profile streaming yesterday and I logon times got a little bit better.  The logon are now between 1min30 to 1min45 with my testuser, measured with the stop clock. With my administrator account the logon is now around 40-50sec.

 

What makes me also suspicious, is that the profile load time takes so long. 26sec for 48 Files that can't be normal. 

I try to capture the logon process with procmon. maybe I see something there, that makes a detour over Switzerland. But I wouldnt be surprised if that is the case....

Thank you 

Link to comment
  • 0

So I captured the login process with Wireshark, I didnt see any entries that would make me jump. But I did another test just out of curiosity, I replaced the FQDN from the profile share with the it's IP and tada the login is immediately much faster.

 

That would actually lead to a DNS problem, but the VDI's are using the correct DNS servers from Australia. Maybe the Sites & Subnets or Secondary/Primary-DNS Server arent configured properly, which causing the DC/DNS Server in Australia send the DNS request unnecessarily to Switzerland :-|

Have to talk to our AD-guys next week if they maybe configured something wrong, but I know their answer already......

Link to comment
  • 0

It seems to be a very strange problem. I found out that our Nutanix cluster has 3 different IP's but all pointing to the same FQDN. It's the same FQDN where the homedrives for the Users are not stored, the CTX-profiles and the PVS vDisk Store.

I dont know if Nutanix is using a DNS load-balancer or just Round-Robin, but I guess this configuration is suboptimal. But it would explain, why I can logon ond 3 VDIs and the profile-load times are always different.

In Switzerland we are also using a Nutanix Cluster but with Vmware as hypervisor and the logins are very fast, below 30s.

 

@Akshay, I checked the Eventlog for those IDs but couldnt find one. Will have a look at the UPM login.

Will let you know, if I see something.

Link to comment
  • 0
On 10/2/2019 at 8:01 PM, Sascha Matter1709156668 said:

Hello

 

We have quite a big problem with one of our branch office in Australia. We built a VDI environment based on Win10, XD7 1906, WEM and PVS. We are using Citrix App-Layering to create the master-image for those VDIs and the hypervisor is Nutanix acropolis. Storage is provided with Nutanix storage.

 

Our problem is, that the users down there facing extreme logon times 3 to almost 7min. Also with an admin account, which dont get a citrix profile, it takes about 60-90s. But when the users are logged in, the performance of the VDI's is good. Just the logon is the problem.

 

We had a problem that our AD-Team didnt create a homeuser share on a file-server in Australia. So the personal data was somehow saved within the Citrix profile. But now we configured a file-server for them in Australia, but we still have those long logon times. Even when we reset the Citrix profile of one of those users.  Streamed Profile is not enabled and we are using WEM for the profile settings and other stuff. 

The director doesnt show us the correct logon times, they are actually much higher than the displayed logon times. I just tested it with a testuser, I used a stop clock during the logon. For 20sec I see the Citrix connecting windows, then for about 60sec the Welcome Screen, then for about 65sec the prepare Windows and bam I see my desktop. The director showed me 88sec :32_expressionless:

 

I checked if the logon server is maybe one here in Switzerland, but it one of the DC's in Australia. We also checked, if there are some GPO in Australia that are copying stuff from Switzerland to the VDI's. That was the case, but we edited those GPOs so that the VDI users in Australia are excluded with item level targeting. Other thing is, that the load time of the Citrix profile is very long even when the profile was resetted. In the pictured I've attached, the profile was about 24MB and 78 files or so.  

 

But also the interactive Session takes very long, Pre-Userinit 45sec and we used the Citrix optimizer. 

 

Other things I've checked so far:
Cache Disk is not full (12GB and 7GB free Space normaly)

Created a master-image without App-Layering, but still the same. 

We created a hosted-shared Desktop, but still the same.

DNS looks good

 

I dont know where the problem is, we tested so many things but nothing really helps. The Nutanix enviroment is quite OP, it's built for over 160VDIs and currently we are only running 20 VDIs on that cluster. 

If it's a storage problem, then I guess the performance overall would be bad too not only during the logon. Network? The Nutanix cluster is hosted in a datacenter in Australia. 

 

Would be extremely thankful for any tips. 

 

Thanks,

 

logontimes-afterProfilereset.PNG


 

Hey mate,

Ask your AD Ops team to check if the subnet(s) assigned to the VDI environment is present and correctly configured in Sites and Services.

If you're a large organization having domain controllers across the globe, there's a fair chance that your users are authenticating randomly against DCs everywhere!

Most common issue I've encountered at every customer with a super easy fix.

Link to comment
  • 0
18 hours ago, Sascha Matter1709156668 said:

We opened a ticket with Nutanix, they said everything is looking ok :-|

 

But one thing I found, the ability to dynamic update DNS A-Records is disabled on the DHCP Server. Can this cause this problem?

 

 

I wouldn't have thought that would have any impact at all on speed - did you confirm sites and subnets as above?

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...